Mercurial > hg > icedtea13
changeset 2326:d0941d204617
Make sandbox permissions a subset of permissions returned for any code source.
author | Deepak Bhole <dbhole@redhat.com> |
---|---|
date | Wed, 28 Jul 2010 15:42:06 -0400 |
parents | 645e965b61e7 |
children | b4d1a0a7ad8f |
files | ChangeLog netx/net/sourceforge/jnlp/SecurityDesc.java |
diffstat | 2 files changed, 10 insertions(+), 17 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Wed Jul 28 15:40:48 2010 -0400 +++ b/ChangeLog Wed Jul 28 15:42:06 2010 -0400 @@ -1,3 +1,9 @@ +2010-07-28 Deepak Bhole <dbhole@redhat.com> + + * netx/net/sourceforge/jnlp/SecurityDesc.java (getPermissions): Clean up + method, and make sure sandbox permissions are always a subset of what is + returned. + 2010-07-28 Deepak Bhole <dbhole@redhat.com> * netx/net/sourceforge/jnlp/tools/JarSigner.java: Add new verifyResult enum
--- a/netx/net/sourceforge/jnlp/SecurityDesc.java Wed Jul 28 15:40:48 2010 -0400 +++ b/netx/net/sourceforge/jnlp/SecurityDesc.java Wed Jul 28 15:42:06 2010 -0400 @@ -160,33 +160,20 @@ * permissions granted depending on the security type. */ public PermissionCollection getPermissions() { - Permissions permissions = new Permissions(); + PermissionCollection permissions = getSandBoxPermissions(); - // all + // discard sandbox, give all if (type == ALL_PERMISSIONS) { + permissions = new Permissions(); permissions.add(new AllPermission()); return permissions; } - // restricted - if (type == SANDBOX_PERMISSIONS) { - for (int i=0; i < sandboxPermissions.length; i++) - permissions.add(sandboxPermissions[i]); - - if (downloadHost != null) - permissions.add(new SocketPermission(downloadHost, - "connect, accept")); - } - - // j2ee + // add j2ee to sandbox if needed if (type == J2EE_PERMISSIONS) for (int i=0; i < j2eePermissions.length; i++) permissions.add(j2eePermissions[i]); - if (file.isApplication()) - for (int i=0; i < jnlpRIAPermissions.length; i++) - permissions.add(jnlpRIAPermissions[i]); - return permissions; }